[ https://issues.apache.org/jira/browse/GORA-642?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Kevin Ratnasekera updated GORA-642: ----------------------------------- Description: This is a security fix for a vulnerability in Apache Maven pom.xml file(s). The build files indicate that this project is resolving dependencies over HTTP instead of HTTPS. This leaves build vulnerable to allowing a Man in the Middle (MITM) attackers to execute arbitrary code on local computer or CI/CD system. was: This is a security fix for a vulnerability in Apache Maven pom.xml file(s). The build files indicate that this project is resolving dependencies over HTTP instead of HTTPS. This leaves your build vulnerable to allowing a Man in the Middle (MITM) attackers to execute arbitrary code on your or your computer or CI/CD system. > Use HTTPS to resolve dependencies in Maven Build > ------------------------------------------------ > > Key: GORA-642 > URL: https://issues.apache.org/jira/browse/GORA-642 > Project: Apache Gora > Issue Type: Improvement > Components: build process > Affects Versions: 0.9 > Reporter: Kevin Ratnasekera > Assignee: Kevin Ratnasekera > Priority: Major > Fix For: 1.0 > > > This is a security fix for a vulnerability in Apache Maven pom.xml file(s). > The build files indicate that this project is resolving dependencies over > HTTP instead of HTTPS. This leaves build vulnerable to allowing a Man in the > Middle (MITM) attackers to execute arbitrary code on local computer or CI/CD > system. -- This message was sent by Atlassian Jira (v8.3.4#803005)